Related
I'm interested in using Azure as a PaaS solution to host a Node Js app that I'll be developing in the few coming months. I've done a fair bit of research on the pricing models and tiers so I sort of have a grasp on that, however, I'm not sure how to accurately spec my server requirements. When looking at pure CPU, Memory and Storage specifications between the Basic, Standard and Premium plans they all look similar, with the exception of storage I suppose.
The application I intend to build will primarily perform CRUD based actions. It will not host large images/videos and static files will be used in JS libraries or small images for theming (icons, logos etc I'm hoping there's a CDN). I anticipate no more than 1000 web page requests per day and the AppService is only intended to serve as a WebApi and Web Server, I intend to host the DB on Mlab.
I'm looking for an option that will give me reasonable page load and server response times (1-2secs). The app service also needs support for SSL, is that something I need to get from Microsoft or I can purchase and apply elsewhere.
Finally, I'd love to be able to test and dev on Azure, as from my experience it is better to do so on an architecture that matches your production. Is there any low cost Dev/Test server options that I can use instead of using the production service (which I anticipate will exceed my test performance requirements and would also cost more)?
While the CPU, memory, and storage options may look similar between the plans, the VM underneath and the additional features are not.
For plans:
Shared/Free are plans where you share a VM with other users. You have
quotas for how much of the VMs resources you are allowed to use, and
if you go over them the site will be shut down until the quota
resets. This is fine for dev/test environments, but can be risky for
production as a traffic spike can cause your site to be turned off
temporarily.
Basic plans give you a dedicated VM for your app, so there are no
quotas and thus removes the risk of having your site shut off it gets
too popular.
Standard adds autoscaling (the ability to increase and decrease resources based on usage metrics) and SSL.
Premium is similar to Standard, but the underlying VM is running on better hardware.
The Shared plan and higher (basically anything but free) offers load balancing and custom domains. You can purchase a domain within your Azure account or bring your own.
The default yourwebsite.azurewebsites.net is protected by the azurewebsites.net SSL cert. However, if you use a custom domain and need SSL support, then you need to be on a Standard plan or higher. As with domains, you can purchase one through Azure or bring your own.
You can put a CDN of your own choosing in front of your Azure App Service, or you can use Azure's CDN. It is not included in the App Service plan.
For production with a custom domain and SSL, you are looking at one of the Standard plans.
For dev/test there are a couple ways you could go. If your dev server doesn't use any of the extra features like custom domains, you can scale the plan up and down as you please. That means you can scale up to the matching plan for final testing of a release, but leave it in a lower tier the majority of the time.
The second option is to use deployment slots to create your dev site on the same VM as your prod site. You need to be on a Standard plan or higher to use this feature, and it comes with some added benefits. Particularly that you can swap which code is in production or funnel some of your traffic to a staging slot before swapping new code into production.
I been wondering how secure/dangerous could be to run a PHP WebApp (WebApp-A) in Azure when there is another WebApp (WebApp-B that could be a .Net app) running on the same Azure subscription.
Could WebApp-A run some malicious script and affect the server instance of WebApp-B?
There's no way to give a blanket-statement answer regarding malicious scripts, attack surfaces, etc. There are many vulnerabilities showing up daily (which have nothing to do with web apps - just attacks in general).
That said: Every web app in Azure is going to have its own sandbox with its own files, etc. The only thing shared between web apps? The app service plan hosting the web app(s) (you may have multiple web apps on an app service plan). But the only thing they share are things like CPU. Everything from a code standpoint is isolated.
You'd need to take explicit steps to grant access across web apps (e.g. add them to the same vnet).
We are running several azure websites (or web apps) on a medium instance. I would like to know if there will be an impact on performance on any of the other sites when running a simple load test on one of them. In other words, do these sites share the same processor/memory or is this handled differently in azure?
If the apps are in the same app service plan then yes there will be an impact. Apps within the same app service plan share resources and capacity.
https://azure.microsoft.com/en-us/documentation/articles/azure-web-sites-web-hosting-plans-in-depth-overview/
What are the material differences between the new Azure Web Sites and the traditional Azure Web Roles for an ASP.NET MVC application? What reason would I choose a "web site" over a "web role" or vice versa?
Let's assume that I would need equal capacity in either case (e.g. 2 small instances). The prices seem comparable other than the fact that there is a 33% temporary discount for web sites while they are in their preview period.
Are there things that I can do with a "web site" that are difficulty or impossible with a web role? For example, does it become easy to put multiple web sites in a single set of VMs using "web sites"? Do I lose anything with a "web site" vs a "web role"? Ability to fine tune IIS? Ability to use the Cache service locally?
Web Roles give you several features beyond Web Apps (formerly Web Sites):
Ability to run elevated startup scripts to install apps, modify registry settings, install performance counters, fine-tune IIS, etc.
Ability to split an app up into tiers (maybe Web Role for front end, Worker Role for backend processing) and scale independently
Ability to RDP into your VM for debugging purposes
Network isolation
Dedicated virtual IP address, which allows web role instances in a cloud service to access IP-restricted Virtual Machines
ACL-restricted endpoints (added in Azure SDK 2.3, April 2014)
Support for any TCP/UDP ports (Web Sites are restricted to TCP 80/443)
Web Apps have advantages over Web Roles though:
Near-instant deployment with deployment history / rollbacks
Visual Studio Online, github, local git, ftp, CodePlex, DropBox, BitBucket deployment support
Ability to roll out one of numerous CMS's and frameworks, (like WordPress, Joomla, Django, MediaWiki, etc.)
Use of SQL Database or MySQL
Simple and fast to scale from free tier to shared tier to dedicated tier
Web Jobs
Backups of Web Site content
Built-in web-based debugging tools (simple cmd/powershell debug console, process explorer, diagnostic tools like log streaming, etc.)
With the April 2014 and September 2014 rollouts, there are now some features common to both Web Apps and Web Roles (and Worker Roles), including:
Staging+production slots
Wildcard DNS, SSL certificates
Visual Studio integration
Traffic Manager support
Virtual Network support
Here's a screengrab I took from the Web Sites gallery selection form:
I think Web Apps are a great way to get up and running quickly, where you can move from shared to reserved resources. Once you outgrow this, you can then move up to Web Roles and expand as you need.
EDIT 2014: For what it's worth, a lot of the info in this answer is no longer correct - see comments.
Add more to #David response:
With Windows Azure Websites, you don't have control over IIS or web Server because you are using a resources slice along with hundreds of other website on the same machine, you are sharing resources like any other so there is no control over IIS.
The big difference between a website shared and Azure web role is that a web-site is considered process bound while roles are VM bound.
Websites are stored on a content share which is accessible from all the "web servers" in the farm so there is no replication or anything like that required.
Windows Azure websites can not have their own host name instead they must use websitename.azurewebsites.net only and you sure can use CNAME setting in your DNS provider to route your request exactly same with previous Windows Azure Role only when they are running in reserved mode. CNAME setting is not supported for shared websites.
I've just posted a comprehensive blog post on this very subject at http://robdmoore.id.au/blog/2012/06/09/windows-azure-web-sites-vs-web-roles/.
An excerpt from my conclusion: If you need enormous scale, SSL, Asian or West US data centres, a non-standard configuration (of IIS, ports, diagnostics, security certs or start up scripts), RDP or cost-effective Worker Roles (combined with your Web Role) then you are going to have to stick to Web Roles for now.
Otherwise, Web Sites is a great option!
Azure Web Role is like a virtual private host. You get a VM that acts as your web server, and you own that VM instance.
Azure Web Sites are like an elastic shared hosting service. You deploy your app to a web server that is not controlled by you and which also servers other users' sites. You can scale your site up and down (at some extra charge) to make it more elastic as your resource needs shift.
There is one more scenario that is up the air: After these 500 exceptions are eliminated, they haven't said anything about the ability of Azure Websites to handle wildcard CNAME's. Several of us are using Nate's Web Role Accelerator in Cloud Services, becuase a one-line hack provided wildcard subdomain capability in Nate's software. We can't move these wildcard subdomain apps until we know that Azure Websites will be able to handle them. If it won't ever be able to do that, then it goes down as a positive on the Web Role side of the equation. Also of note is that with pricing being exactly the same (after the preview discount expires), I'm not sure I want to give up my access to RDC and Event Viewer (just to mention two things).
Azure Web Sites enables you to build highly scalable web sites quickly on Azure. You can use the Azure Portal or the command-line tools to set up a web site with popular languages such as .NET, PHP, Node.js, and Python. Supported frameworks are already deployed and do not require more installation steps. The Azure Web Sites gallery contains many third-party applications, such as Drupal and WordPress as well as development frameworks such as Django and CakePHP. After creating a site, you can either migrate an existing web site or build a completely new web site. Web Sites eliminates the need to manage the physical hardware, and it also provides several scaling options. You can move from a shared multi-tenant model to a standard mode where dedicated machines service incoming traffic. Web Sites also enable you to integrate with other Azure services, such as SQL Database, Service Bus, and Storage. Using the Azure WebJobs SDK preview, you can add background processing. In summary, Azure Web Sites make it easier to focus on application development by supporting a wide range of languages, open source applications, and deployment methodologies (FTP, Git, Web Deploy, or TFS). If you don’t have specialized requirements that require Cloud Services or Virtual Machines, an Azure Web Site is most likely the best choice.
Cloud Services enable you to create highly-available, scalable web applications in a rich Platform as a Service (PaaS) environment. Unlike Web Sites, a cloud service is created first in a development environment, such as Visual Studio, before being deployed to Azure. Frameworks, such as PHP, require custom deployment steps or tasks that install the framework on role startup. The main advantage of Cloud Services is the ability to support more complex multitier architectures. A single cloud service could consist of a frontend web role and one or more worker roles. Each tier can be scaled independently. There is also an increased level of control over your web application infrastructure. For example, you can remote desktop onto the machines that are running the role instances. You can also script more advanced IIS and machine configuration changes that run at role startup, including tasks that require administrator control.
Virtual Machines enable you to run web applications on virtual machines in Azure. This capability is also known as Infrastructure as a Service (IaaS). Create new Windows Server or Linux machines through the portal, or upload an existing virtual machine image. Virtual Machines give you the most control over the operating system, configuration, and installed software and services. This is a good option for quickly migrating complex on-premises web applications to the cloud, because the machines can be moved as a whole. With Virtual Networks, you can also connect these virtual machines to on-premises corporate networks. As with Cloud Services, you have remote access to these machines and the ability to perform configuration changes at the administrative level. However, unlike Web Sites and Cloud Services, you must manage your virtual machine images and application architecture completely at the infrastructure level. One basic example is that you have to apply your own patches to the operating system.
See updated and comprehensive comparison from this link: http://azure.microsoft.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
Azure Websites, Web Workers and Virtual Machines are three different computing approaches available on Windows Azure. They differ in the level of control and responsibilities:
Azure Website have lowest level of control, but you don't care about keeping in health virtual machine and IIS, because Azure stuff do this for you
Web Roles give you more control (traffic manager, remote desktop), but more administration is possible on your side which means that you can break something via remote desktop for example
Virtual Machines gives you full control of VM, so require the most administration efforts.
There is no one best choice, because it depends on what level of control you need, what features you need and what you want to leave Azure stuff to maintain. And it is big topic..
Please look at this articles for more information to make more informed choice:
http://www.windowsazure.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
http://davidpallmann.blogspot.com/2012/06/reintroducing-windows-azure-part-2.html
It boils down to tradeoff between ease of use and capabilities.
Two more things I found was cost of getting SSL for a custom domain site and Multi-tenant configurations.
For website you need to pay monthly on top of standard instance (Small instance is the cheapest option). This means in order to get custom domain https would cost you ~70/month for small instance plus ~41/ month for SSL that supports all browser.
For WebRole you can get XS instance and add your own SSL for free, which means ~$15 per month
and you have a custom domain with SSL.
For multi-tenant website check out
Multi-tenant Azure dynamic wildcard CName
A web role is a virtual machine that hosts multiple websites
This is a common question, and I would like to give out an excerpt from msdn.
Access to services like Caching, Service Bus, Storage, SQL Azure Database- WebSite:Yes WebRole:Yes
Support for ASP.NET, classic ASP, Node.js, PHP- WebSite: Yes WebRole:Yes
Shared content and configuration- WebSite:Yes WebRole:No
Deploy code with GIT, FTP- WebSite:Yes WebRole:No
Near-instant deployment-WebSite:Yes WebRole:No
Integrated MySQL-as-a-service support-WebSite:Yes WebRole:Yes
Multiple deployment environments (production and staging)-WebSite:No WebRole:Yes
Network isolation-WebSite:No WebRole:Yes
Remote desktop access to servers-WebSite:No WebRole:Yes
Ability to run programs with elevated permissions-WebSite:No WebRole:Yes
Ability to define/execute start-up tasks-WebSite:No WebRole:Yes
Ability to use unsupported frameworks or libraries-WebSite:No WebRole:Yes
Support for Windows Azure Connect/ Windows Azure Network-WebSite:No WebRole:Yes
To get a more in detail, visit this link: http://blogs.msdn.com/b/silverlining/archive/2012/06/27/windows-azure-websites-web-roles-and-vms-when-to-use-which.aspx
What are the material differences between the new Azure Web Sites and the traditional Azure Web Roles for an ASP.NET MVC application? What reason would I choose a "web site" over a "web role" or vice versa?
Let's assume that I would need equal capacity in either case (e.g. 2 small instances). The prices seem comparable other than the fact that there is a 33% temporary discount for web sites while they are in their preview period.
Are there things that I can do with a "web site" that are difficulty or impossible with a web role? For example, does it become easy to put multiple web sites in a single set of VMs using "web sites"? Do I lose anything with a "web site" vs a "web role"? Ability to fine tune IIS? Ability to use the Cache service locally?
Web Roles give you several features beyond Web Apps (formerly Web Sites):
Ability to run elevated startup scripts to install apps, modify registry settings, install performance counters, fine-tune IIS, etc.
Ability to split an app up into tiers (maybe Web Role for front end, Worker Role for backend processing) and scale independently
Ability to RDP into your VM for debugging purposes
Network isolation
Dedicated virtual IP address, which allows web role instances in a cloud service to access IP-restricted Virtual Machines
ACL-restricted endpoints (added in Azure SDK 2.3, April 2014)
Support for any TCP/UDP ports (Web Sites are restricted to TCP 80/443)
Web Apps have advantages over Web Roles though:
Near-instant deployment with deployment history / rollbacks
Visual Studio Online, github, local git, ftp, CodePlex, DropBox, BitBucket deployment support
Ability to roll out one of numerous CMS's and frameworks, (like WordPress, Joomla, Django, MediaWiki, etc.)
Use of SQL Database or MySQL
Simple and fast to scale from free tier to shared tier to dedicated tier
Web Jobs
Backups of Web Site content
Built-in web-based debugging tools (simple cmd/powershell debug console, process explorer, diagnostic tools like log streaming, etc.)
With the April 2014 and September 2014 rollouts, there are now some features common to both Web Apps and Web Roles (and Worker Roles), including:
Staging+production slots
Wildcard DNS, SSL certificates
Visual Studio integration
Traffic Manager support
Virtual Network support
Here's a screengrab I took from the Web Sites gallery selection form:
I think Web Apps are a great way to get up and running quickly, where you can move from shared to reserved resources. Once you outgrow this, you can then move up to Web Roles and expand as you need.
EDIT 2014: For what it's worth, a lot of the info in this answer is no longer correct - see comments.
Add more to #David response:
With Windows Azure Websites, you don't have control over IIS or web Server because you are using a resources slice along with hundreds of other website on the same machine, you are sharing resources like any other so there is no control over IIS.
The big difference between a website shared and Azure web role is that a web-site is considered process bound while roles are VM bound.
Websites are stored on a content share which is accessible from all the "web servers" in the farm so there is no replication or anything like that required.
Windows Azure websites can not have their own host name instead they must use websitename.azurewebsites.net only and you sure can use CNAME setting in your DNS provider to route your request exactly same with previous Windows Azure Role only when they are running in reserved mode. CNAME setting is not supported for shared websites.
I've just posted a comprehensive blog post on this very subject at http://robdmoore.id.au/blog/2012/06/09/windows-azure-web-sites-vs-web-roles/.
An excerpt from my conclusion: If you need enormous scale, SSL, Asian or West US data centres, a non-standard configuration (of IIS, ports, diagnostics, security certs or start up scripts), RDP or cost-effective Worker Roles (combined with your Web Role) then you are going to have to stick to Web Roles for now.
Otherwise, Web Sites is a great option!
Azure Web Role is like a virtual private host. You get a VM that acts as your web server, and you own that VM instance.
Azure Web Sites are like an elastic shared hosting service. You deploy your app to a web server that is not controlled by you and which also servers other users' sites. You can scale your site up and down (at some extra charge) to make it more elastic as your resource needs shift.
There is one more scenario that is up the air: After these 500 exceptions are eliminated, they haven't said anything about the ability of Azure Websites to handle wildcard CNAME's. Several of us are using Nate's Web Role Accelerator in Cloud Services, becuase a one-line hack provided wildcard subdomain capability in Nate's software. We can't move these wildcard subdomain apps until we know that Azure Websites will be able to handle them. If it won't ever be able to do that, then it goes down as a positive on the Web Role side of the equation. Also of note is that with pricing being exactly the same (after the preview discount expires), I'm not sure I want to give up my access to RDC and Event Viewer (just to mention two things).
Azure Web Sites enables you to build highly scalable web sites quickly on Azure. You can use the Azure Portal or the command-line tools to set up a web site with popular languages such as .NET, PHP, Node.js, and Python. Supported frameworks are already deployed and do not require more installation steps. The Azure Web Sites gallery contains many third-party applications, such as Drupal and WordPress as well as development frameworks such as Django and CakePHP. After creating a site, you can either migrate an existing web site or build a completely new web site. Web Sites eliminates the need to manage the physical hardware, and it also provides several scaling options. You can move from a shared multi-tenant model to a standard mode where dedicated machines service incoming traffic. Web Sites also enable you to integrate with other Azure services, such as SQL Database, Service Bus, and Storage. Using the Azure WebJobs SDK preview, you can add background processing. In summary, Azure Web Sites make it easier to focus on application development by supporting a wide range of languages, open source applications, and deployment methodologies (FTP, Git, Web Deploy, or TFS). If you don’t have specialized requirements that require Cloud Services or Virtual Machines, an Azure Web Site is most likely the best choice.
Cloud Services enable you to create highly-available, scalable web applications in a rich Platform as a Service (PaaS) environment. Unlike Web Sites, a cloud service is created first in a development environment, such as Visual Studio, before being deployed to Azure. Frameworks, such as PHP, require custom deployment steps or tasks that install the framework on role startup. The main advantage of Cloud Services is the ability to support more complex multitier architectures. A single cloud service could consist of a frontend web role and one or more worker roles. Each tier can be scaled independently. There is also an increased level of control over your web application infrastructure. For example, you can remote desktop onto the machines that are running the role instances. You can also script more advanced IIS and machine configuration changes that run at role startup, including tasks that require administrator control.
Virtual Machines enable you to run web applications on virtual machines in Azure. This capability is also known as Infrastructure as a Service (IaaS). Create new Windows Server or Linux machines through the portal, or upload an existing virtual machine image. Virtual Machines give you the most control over the operating system, configuration, and installed software and services. This is a good option for quickly migrating complex on-premises web applications to the cloud, because the machines can be moved as a whole. With Virtual Networks, you can also connect these virtual machines to on-premises corporate networks. As with Cloud Services, you have remote access to these machines and the ability to perform configuration changes at the administrative level. However, unlike Web Sites and Cloud Services, you must manage your virtual machine images and application architecture completely at the infrastructure level. One basic example is that you have to apply your own patches to the operating system.
See updated and comprehensive comparison from this link: http://azure.microsoft.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
Azure Websites, Web Workers and Virtual Machines are three different computing approaches available on Windows Azure. They differ in the level of control and responsibilities:
Azure Website have lowest level of control, but you don't care about keeping in health virtual machine and IIS, because Azure stuff do this for you
Web Roles give you more control (traffic manager, remote desktop), but more administration is possible on your side which means that you can break something via remote desktop for example
Virtual Machines gives you full control of VM, so require the most administration efforts.
There is no one best choice, because it depends on what level of control you need, what features you need and what you want to leave Azure stuff to maintain. And it is big topic..
Please look at this articles for more information to make more informed choice:
http://www.windowsazure.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
http://davidpallmann.blogspot.com/2012/06/reintroducing-windows-azure-part-2.html
It boils down to tradeoff between ease of use and capabilities.
Two more things I found was cost of getting SSL for a custom domain site and Multi-tenant configurations.
For website you need to pay monthly on top of standard instance (Small instance is the cheapest option). This means in order to get custom domain https would cost you ~70/month for small instance plus ~41/ month for SSL that supports all browser.
For WebRole you can get XS instance and add your own SSL for free, which means ~$15 per month
and you have a custom domain with SSL.
For multi-tenant website check out
Multi-tenant Azure dynamic wildcard CName
A web role is a virtual machine that hosts multiple websites
This is a common question, and I would like to give out an excerpt from msdn.
Access to services like Caching, Service Bus, Storage, SQL Azure Database- WebSite:Yes WebRole:Yes
Support for ASP.NET, classic ASP, Node.js, PHP- WebSite: Yes WebRole:Yes
Shared content and configuration- WebSite:Yes WebRole:No
Deploy code with GIT, FTP- WebSite:Yes WebRole:No
Near-instant deployment-WebSite:Yes WebRole:No
Integrated MySQL-as-a-service support-WebSite:Yes WebRole:Yes
Multiple deployment environments (production and staging)-WebSite:No WebRole:Yes
Network isolation-WebSite:No WebRole:Yes
Remote desktop access to servers-WebSite:No WebRole:Yes
Ability to run programs with elevated permissions-WebSite:No WebRole:Yes
Ability to define/execute start-up tasks-WebSite:No WebRole:Yes
Ability to use unsupported frameworks or libraries-WebSite:No WebRole:Yes
Support for Windows Azure Connect/ Windows Azure Network-WebSite:No WebRole:Yes
To get a more in detail, visit this link: http://blogs.msdn.com/b/silverlining/archive/2012/06/27/windows-azure-websites-web-roles-and-vms-when-to-use-which.aspx